COPS Technician Manual
1 App Cheat Sheet
1.1 CPU
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Info | CPU-Z | CPUID.CPU-Z | ✕ | |
| Stress | CPU-Z | CPUID.CPU-Z | ✕ | |
1.2 GPU
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Driver (Update-AMD) | AMD Adrenalin | - | ✕ | |
| Driver (Update-INTEL) | Intel HD Graphics | - | ✕ | |
| Driver (Update-NVIDIA) | Nvidia App | - | ✕ | |
| Driver (Uninstall) | Display Driver Uninstaller (DDU) | Wagnardsoft.DisplayDriverUninstaller | ✕ | Boot into Safe Mode to use |
| Info | GPU-z | TechPowerUp.GPU-Z | ✕ | |
| Stress | Furmark | Geeks3D.FurMark | ✕ | |
1.3 STORAGE
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Benchmark | CrystalDiskMark | CrystalDewWorld.CrystalDiskMark | ✕ | |
| Clone | MiniTool Partition Wizard | MiniTool.PartitionWizard.Free | ✕ | Bootable full version on Medicat |
| Info | CrystalDiskInfo | CrystalDewWorld.CrystalDiskInfo | ✕ | |
| Info | Clear Disk Info | - | ✕ | |
1.4 SYSTEM
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Temperatures | HWMonitor | CPUID.HWMonitor | ✕ | |
1.5 WINDOWS
| TASK | APPLICATION | WINGET | DISABLE ANTIVIRUS | NOTES |
|---|---|---|---|---|
| Blue Screens (Check STOP-Codes/Errors) | BlueScreenView | NirSoft.BlueScreenView | ✕ | |
| Drivers (Verify) | Verifier | Win+R: verifier | ✕ | Built-in to Windows |
| Drivers (Update) | Snappy Driver Installer Origin (SDIO) | GlennDelahoy.SnappyDriverInstallerOrigin | ✕ | |
| License Keys (Extract) | Product Key Scanner | - | ✓✓ | |
1.6 Android
| App | Description | Use Case |
|---|---|---|
| Appwatch | Snitch on app activity | DEPRECATED: use Rox Security instead. Identify apps that are responsible for intrusive full-screen pop-ups |
| Rox Security | Multi-tool for identifying unusual/unwanted app behaviour, including snitching on app activity | Identify apps that are responsible for intrusive full-screen pop-ups |
2 System Service
2.1 Windows
2.1.1 Software
- Restart Windows
  Force Restart Windows (shutdown -r -f -t 00) now to provide a clean environment before proceeding
- System Restore
  Check System Restore configuration and try to set at least 7% allocation
- Create a new System Restore point
  Name it something like “COPS - Pre System Service”
- Task Manager
  - Disable unwanted startup items
- Wintoys
  - Install Wintoys
    winget install wintoys
    or
    winget install 9P8LTPGCBZXD
    or
    ms-windows-store://pdp/?ProductId=9P8LTPGCBZXD
  - Performance Tab
    - Ultimate performance power plan: Turn ON if Desktop, Turn OFF if Laptop
    - HAGS (hardware-accelerated GPU scheduling): Turn ON
    - VBS (virtualization-based security): Turn ON
    - Startup apps: Disable unwanted startup items
    - Search indexing: Turn ON
    - Delivery optimization: Turn ON
    - Network adapter onboard processor: Turn ON
  - Health Tab
    - Fast startup: Turn ON
    - Drive optimization: Turn ON and run (click config icon and optimise each drive)
    - Storage sense: Turn ON and run (click config icon and click ‘Run Storage Sense now’)
    - Cleanup: Run ‘Junk’ + ‘Microsoft Store’ + ‘DNS’
    - System updates: Set to ‘Default’
    - App updates: Turn ON
    - Graphics driver: Click ‘Restart’
    - Icons cache: Click ‘Rebuild’
  - Tweaks Tab
    - Desktop: Turn ON ‘This PC’ + ‘Recycle Bin’
- Update software
  - Windows Update
    - Old Windows 10 builds can use the Windows 10 Update Assistant to jump to the latest build
  - Update Apps via Winget
  - Update Apps via Microsoft Store
  - Update Office Apps
- Update Drivers
  - Update Drivers using SDIO
  - Verify Drivers using verifier
- Maintenance
  - Run the following commands:
    - sfc /scannow
    - dism /online /cleanup-image /startcomponentcleanup /resetbase
    - dism /online /cleanup-image /restorehealth
    - sfc /scannow
    - chkdsk c: /r /scan /perf
    - defrag c: /o
  - Disk Cleanup
    - Run cleanmgr /sageset:10
    - Click Clean up system files
    - Tick all checkboxes EXCEPT:
      - System error memory dump files
      - System error minidump files
      - Windows error reports and feedback diagnostics
      - User file history
    - Click OK
    - Run cleanmgr /sagerun:10
  - Memory Diagnostics
    - Run Windows Memory Diagnostics
    - Click ‘Restart now and check for problems (recommended)’
    - After Windows boots back up, check results:
      Event Viewer - Windows Logs - System - Filter Current Log… - Event sources - Tick ‘MemoryDiagnostics-Results’ - Click OK
  - Create a new System Restore point
    Name it something like “COPS - Post System Service”
2.1.2 Hardware
- Check all buttons and ports are free from debris and functioning correctly
- Air compress out system as required
- Wipe down device and clean surfaces
- Add a Serviced by COPS sticker or replace old worn stickers as required
3 Data Transfer
3.1 Windows
3.1.1 Backup
- Restart Windows
  Force Restart Windows (shutdown -r -f -t 00) now to provide a clean environment before proceeding
- [OPTIONAL] Create a new System Restore point
- Disable Antivirus
  - Some of our extraction tools prompt false positives in the majority of security software
- Create a Job folder on a Transfer Drive
  naming convention: Job#5000
  - Create a new folder with the current job number to save User Data to
- Backup User Profiles
  - Copy C:\Users\ folder to the Job folder on the Transfer Drive
- Backup Web Browsers
  For each web browser installed complete the following:
  - Export Bookmarks
    naming convention:
    Web Browser - Google Chrome - Bookmarks - 2024-07-15.html
    or
    web-browser_google-chrome_bookmarks_2024-07-15.html
    - Google Chrome URL: chrome://bookmarks
    - Microsoft Edge URL: edge://favorites
    - AVG Secure Browser URL: secure://bookmarks
    - Mozilla Firefox Hotkey: Ctrl+Shift+O
    - Microsoft Internet Explorer: %USERPROFILE%\Favorites
  - Export Passwords
    naming convention:
    Web Browser - Google Chrome - Passwords - 2024-07-15.csv
    or
    web-browser_google-chrome_passwords-2024-07-15.csv
    - Google Chrome URL: chrome://password-manager or chrome://settings/passwords (older Chrome versions)
    - Microsoft Edge URL: edge://wallet/passwords or edge://settings/passwords (older Edge versions)
    - AVG Secure Browser URL: secure://password-manager or secure://settings/passwords (older Secure Browser versions)
    - Mozilla Firefox URL: about:logins
    - Microsoft Internet Explorer: use Nirsoft IE PassView
  - Sync Accounts
    Try to sync each browser with their relevant accounts if available
    Manual exports of Bookmarks + Passwords are good, but syncing the entire browser is better
    - Google Chrome: Google Account
      chrome://sync-internals
      - Check Enabled: Sync Feature Enabled = true
      - Check Account: Username
      - Check Synced: Last Synced = Just now
      - Check Not Actively Syncing: Sync Cycle Ongoing = false
      - Force Sync (if required): chrome://extensions - enable Developer mode - click Update
    - Microsoft Edge: Microsoft Account
      - TODO (but it’s similar to Chrome)
    - AVG Secure Browser: AVG Account
      - TODO (but it’s similar to Chrome)
    - Mozilla Firefox: Mozilla Account
      - TODO
- Export Installed Programs List
  naming convention:
  Installed Programs - Nirsoft Uninstallview - 2024-07-15.html
  or
  installed-programs_nirsoft-uninstallview_2024-07-15.html
  - use Nirsoft UninstallView, save all as Horizontal HTML
- Export Winget
  naming convention:
  Winget - Export - 2024-07-15.json
  or
  winget_export_2024-07-15.json
  - Open a Terminal as Administrator
    Run wt or powershell or cmd
  - Check Winget is installed
    winget -v (this will throw an error if winget is unavailable)
  - Update Winget
    winget source update
  - Export Winget’s list of installed programs
    winget export -o "REPLACE-WITH-TARGET-FILE"
    (update REPLACE-WITH-TARGET-FILE with the target winget export file on the transfer drive)
  - Optionally export a list of all programs that Winget cannot re-install at the same time with this extended command
    winget export -o "REPLACE-WITH-TARGET-FILE" > "winget_unnavailable.txt"
- Export License Keys
  naming convention:
  License Keys - Nirsoft Product Key Scanner - 2024-07-15.html
  or
  license-keys_nirsoft-product-key-scanner_2024-07-15.html
  - use Nirsoft Product Key Scanner or Nirsoft ProduKey, save all as Horizontal HTML
- Export Emails
  - Extract Passwords and Server Settings
    - Nirsoft Mail PassView
    - Nirsoft WinMailPassRec
    - Nirsoft PstPassword
  - Backup any accounts set up as POP
- Check C: Drive for unusual files/folders
  - copy to Job folder copying the C: Drive file structure (TransferDrive:\Job#5000\C\FolderToSave)
- [OPTIONAL] Create Winget Install Script
  - https://winstall.app/ - Select Desired Programs - Generate Script - Download both Batch (.bat) and PowerShell (.ps1) scripts
- Export Drivers
  TRANSFERDRIVE:\Job#5000\Drivers - 2024-07-15\
  or
  TRANSFERDRIVE:\Job#5000\drivers_2024-07-15\
  - Open PowerShell as an Administrator and run the following script:
    Export-WindowsDriver -Online -Destination "REPLACE-WITH-TARGET-FOLDER"
    (update REPLACE-WITH-TARGET-FOLDER with the target drivers folder on the transfer drive)
- Enable Antivirus
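The scriptable parts of the backup above (Job folder, Winget export, driver export) plus a completeness check for the manual exports, as an added example that is not part of the original manual. The function name, its parameters and the assumption that C:\Users was copied to a Users folder inside the Job folder are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original manual. Invoke-CopsBackupExport and its
# parameters are hypothetical names; the commands inside are the ones from 3.1.1.
function Invoke-CopsBackupExport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][int]$JobNumber,        # e.g. 5000
        [Parameter(Mandatory)][string]$TransferDrive  # e.g. 'E:' (assumed drive letter)
    )
    $date   = Get-Date -Format 'yyyy-MM-dd'
    $jobDir = '{0}\Job#{1}' -f $TransferDrive.TrimEnd('\'), $JobNumber
    New-Item -ItemType Directory -Path $jobDir -Force | Out-Null

    # Export Winget: stop early if winget is unavailable
    if (-not (Get-Command winget -ErrorAction SilentlyContinue)) {
        throw 'winget is not available on this system'
    }
    winget source update | Out-Null
    $wingetFile  = Join-Path $jobDir "winget_export_$date.json"
    $unavailable = Join-Path $jobDir 'winget_unnavailable.txt'  # file name as spelled in the manual
    # The manual redirects winget's console output to list programs it cannot re-install
    winget export -o $wingetFile | Out-File -LiteralPath $unavailable -Encoding utf8

    # Count exported packages so an empty or unreadable export is noticed now
    $packages = 0
    if (Test-Path -LiteralPath $wingetFile) {
        $export   = Get-Content -LiteralPath $wingetFile -Raw | ConvertFrom-Json
        $packages = @($export.Sources | ForEach-Object { $_.Packages }).Count
    }

    # Export Drivers
    $driverDir = Join-Path $jobDir "drivers_$date"
    New-Item -ItemType Directory -Path $driverDir -Force | Out-Null
    $drivers = @(Export-WindowsDriver -Online -Destination $driverDir)

    # Manual exports, matched by either naming convention from the manual
    $manual = [ordered]@{
        'Browser bookmarks'  = 'web-browser_*_bookmarks_*.html', 'Web Browser - * - Bookmarks - *.html'
        'Browser passwords'  = 'web-browser_*_passwords*.csv',   'Web Browser - * - Passwords - *.csv'
        'Installed programs' = 'installed-programs_*.html',      'Installed Programs - *.html'
        'License keys'       = 'license-keys_*.html',            'License Keys - *.html'
    }
    $report = @(foreach ($item in $manual.GetEnumerator()) {
        $found = @($item.Value | ForEach-Object {
            Get-ChildItem -LiteralPath $jobDir -Filter $_ -File -Recurse -ErrorAction SilentlyContinue
        })
        [pscustomobject]@{ Item = $item.Key; Count = $found.Count; Present = $found.Count -gt 0 }
    })

    # Assumption: C:\Users was copied as <Job folder>\Users
    $usersCopied = Test-Path -LiteralPath (Join-Path $jobDir 'Users')
    $report += [pscustomobject]@{ Item = 'User profiles'; Count = [int]$usersCopied; Present = $usersCopied }
    $report += [pscustomobject]@{ Item = 'Winget export'; Count = $packages; Present = $packages -gt 0 }
    $report += [pscustomobject]@{ Item = 'Drivers'; Count = $drivers.Count; Present = $drivers.Count -gt 0 }
    $report
}
# Usage: Invoke-CopsBackupExport -JobNumber 5000 -TransferDrive 'E:' | Format-Table
```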
3.1.2 Prepare New Device (if required)
- Create a Local Account during Windows 10/11 Out of Box Experience (OOBE)
  - Option 1: No Internet Connected
    Bypass Network Registration
    - Open Command Prompt: Shift+F10 (may require pressing Fn on some devices)
    - Run command: OOBE\BYPASSNRO (this will restart the OOBE if successful)
    - Proceed through OOBE like normal until you get to the Network Selection screen
    - Select I don't have an internet connection (if this button is not available the bypass didn’t work, proceed to Option 2)
    - Select Continue with limited setup
    - Create a Local Account: COPS (no password)
    - Complete the OOBE as normal
  - Option 2: Internet Connected
    Force Local Account Creation
    - Proceed through OOBE like normal until you get to the Login with a Microsoft Account screen
    - Open Command Prompt: Shift+F10 (may require pressing Fn on some devices)
    - Run command: start ms-cxh:localonly
    - Create a Local Account: COPS (no password)
    - Complete the OOBE as normal
  - Note regarding Windows 10/11 S Mode
    In some cases you won’t be able to open the Command Prompt; you may only see its black box flash up on the screen and quickly disappear. This could be an indication of the Windows 10/11 install being in S Mode (Store Mode), which disables access to terminals (i.e. Command Prompt) and execution of non Microsoft Store apps.
    If you encounter this, you will not be able to create a Local Account during the OOBE, and you will need to complete the OOBE with the customer’s Microsoft Account. After the OOBE is complete and you’ve reached the Windows Desktop environment, you may need to Switch Out of S Mode to proceed with the Data Transfer, as S Mode restricts us from running our tools if required.
    - [OPTIONAL] Switch Out of S Mode
      WARNING: SWITCHING OUT OF S MODE IS A PERMANENT CHANGE AND CANNOT BE REVERTED
      - Connect to the internet
      - Run ms-windows-store://pdp/?productid=BF712690PMLF&OCID=windowssmodesupportpage
      - Follow the prompts to Switch Out of S Mode
        (this will change the Windows edition installed to Windows 10/11 Home or Pro as per its installed license)
- Configure System Restore
- Check installed Windows’ Edition
  - Run winver
- Create a new System Restore point
  COPS - Fresh Windows 10/11 Home/Pro Install (use 10 or 11 and Home or Pro as per winver)
- Connect to the Internet (if not already)
- Check Windows is activated
  TODO: ms-settings:activation or ms-settings:activation?activationSource=SMC-Article-12440
- Configure Time/Date
- Configure Windows Update
  - Open Windows Update
    Run control update
  - Click Resume updates if updates are currently paused
  - Disable Get the latest updates as soon as they're available
  - Advanced options
    - Enable Receive updates for other Microsoft products
    - Disable Get me up to date
    - Enable Notify me when a restart is required to finish updating
    - Delivery Optimization
      - Enable Allow downloads from other devices
        - Select Devices on my local network
- Update Microsoft Store Apps
  - Open Microsoft Store
    Run ms-windows-store:
    - Click Downloads
    - Click Check for updates
    - Click Update all
- Update Winget Apps
  - Open a Terminal
    Run wt or powershell or cmd
  - Run the following commands:
    winget source update
    winget upgrade --all --silent
- Update Windows
- Update Office apps
  - Run "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe" /update user forceappshutdown=true
- Check Drivers
  Bangs(!) exclamation marks in Device Manager indicate missing, incorrect, or corrupt drivers
  - Open Device Manager to check for Bangs(!)
  - Run Snappy Driver Installer Origin (SDIO) as an Administrator
  - Select TODO: Create a new system restore point
  - Select all missing/incorrect/corrupt drivers (as per bangs! in Device Manager)
  - Click Install
- [OPTIONAL] Update Outdated Drivers
- Verify Drivers
  - Turn On Windows Verifier:
    - Run verifier
    - Select Create standard settings
    - Click Next
    - Select Automatically select all drivers on this computer
    - Click Finish
    - Restart Windows
      shutdown -r -f -t 00
      - Windows Verifier works by stressing out drivers as they’re loaded (it is expected that the computer’s performance will be impacted while verifier is enabled)
      - If Windows loads into the desktop OK and does not crash with Verifier enabled, then all is good and you can proceed to turn it off
      - If Verifier induces a crash, Windows should produce a Blue Screen of Death (BSOD) with a STOP Code error and information on the driver that crashed; you can use this information to identify the faulty driver that caused the crash and replace it
  - Turn Off Windows Verifier:
    - Run verifier
    - Select Delete existing settings
    - Click Finish
    - Restart Windows
      shutdown -r -f -t 00
3.1.3 Restore
- Install Programs
  - you can use the winget install script for this if you made one
  - install programs before restoring the user profile, as otherwise some required registry entries may not exist yet
- Restore User Profiles
  - make Administrator, make default user, set no password and set password does NOT expire
- Copy over any C: Drive files/folders that were backed up
- Restart Windows (this should log in to the restored user profile)
  - open a command prompt window (or similar) as Administrator to ensure account has admin privileges
- Install Printer Drivers
  - If you can not install the printer drivers + software without the printer present, save the printer package installer to C:\COPS\ and create a shortcut to it on the customer’s desktop
- Check Web Browsers and restore Bookmarks and Passwords from backups as required
- Activate software using extracted keys or accounts as required
- Configure email accounts as required
- Install additional drivers as required
- Move any USB Dongles from the old device (Wireless mice, wifi, Bluetooth adapters, etc…)
- Update Apps
  via Microsoft Store
  via Winget
- Update Windows
- Update Office apps (if installed)
- Restart Windows
- Remove ‘COPS’ user account
  - Run: netplwiz - Select COPS - Click Remove
  - Delete C:\Users\COPS\ folder
    Windows may prevent you from removing this folder if it’s currently accessing it in the background, if this happens just restart Windows and try to remove it again
  - Empty Recycle Bin
- System Maintenance/Repair
  - Open a Terminal as Administrator
    Run wt or powershell or cmd
  - Run the following commands:
    winget source reset --force
    winget source update
    winget upgrade --all --silent
    sfc /scannow
    dism /online /cleanup-image /startcomponentcleanup /resetbase
    dism /online /cleanup-image /restorehealth
    sfc /scannow
    defrag /c /o
    chkdsk c: /r /scan /perf
    Useful Tip
    You can queue up multiple commands in PowerShell by pressing Shift+Enter to add a new line before pressing Enter to execute all of the queued up commands one after another
- Restart Windows
- Create a new System Restore point
COPS - Completed Data Transfer
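A read-only end-of-job check for the temporary state this Data Transfer procedure creates (the passwordless COPS account, its profile folder, Driver Verifier, disabled antivirus) and for the final restore point, as an added example that is not part of the original manual. The function name is hypothetical, and the antivirus check only covers Windows Security.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original manual. Read-only checks; nothing is changed.
# Test-CopsJobCleanup is a hypothetical name.
function Test-CopsJobCleanup {
    [CmdletBinding()]
    param([string]$TempAccount = 'COPS')

    $checks = [System.Collections.Generic.List[object]]::new()
    $add = { param($Name, $Pass, $Detail)
        $checks.Add([pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = [string]$Detail }) }

    # "Remove 'COPS' user account"
    $acct   = Get-LocalUser -Name $TempAccount -ErrorAction SilentlyContinue
    $detail = if ($acct) { "still present (Enabled=$($acct.Enabled))" } else { 'not found' }
    & $add "Local account '$TempAccount' removed" (-not $acct) $detail

    # "Delete C:\Users\COPS\ folder"
    $profileDir = Join-Path $env:SystemDrive "Users\$TempAccount"
    & $add "Profile folder $profileDir deleted" (-not (Test-Path -LiteralPath $profileDir)) ''

    # "Turn Off Windows Verifier": the selected drivers are stored in the VerifyDrivers
    # registry value, which is absent or empty once the settings are deleted
    $mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $vd = (Get-ItemProperty -Path $mm -Name VerifyDrivers -ErrorAction SilentlyContinue).VerifyDrivers
    & $add 'Driver Verifier off' ([string]::IsNullOrWhiteSpace($vd)) "VerifyDrivers='$vd'"

    # "Enable Antivirus": Microsoft Defender real-time protection. A third-party
    # product (the manual mentions Trend Micro) must be confirmed in its own console.
    $rtp = $null
    try { $rtp = (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled } catch { }
    $av  = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    & $add 'Windows Security real-time protection on' ($rtp -eq $true) "registered AV: $($av.displayName -join ', ')"

    # Final step: restore point "COPS - Completed Data Transfer"
    # (Get-ComputerRestorePoint exists in Windows PowerShell 5.1, not in PowerShell 7)
    $rp = $null
    try {
        $rp = Get-ComputerRestorePoint -ErrorAction Stop |
            Where-Object Description -like 'COPS - Completed Data Transfer*'
    } catch { }
    & $add 'Restore point "COPS - Completed Data Transfer" exists' ([bool]$rp) ''

    $checks
}
# Usage (elevated Windows PowerShell): Test-CopsJobCleanup | Format-Table -AutoSize
```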
4 Virus/Malware Removal
4.1 Windows
4.1.1 Pre
- [IMPORTANT] Air Gap Device
  > Ensure the device is disconnected from all networks until RKill has run successfully and RATs (Remote Access Tools) have been removed, to ensure malicious actors do not re-connect to the device while it’s still compromised
- Enable System Restore (set to 7% allocation if enough free disk space)
- [OPTIONAL] Create a new System Restore point
  COPS - Pre Virus/Malware Removal
  > This System Restore point will be wiped out in a later step (post-virus/malware removal), as malware can persist in old System Restore points
- Restart Windows
  Force Restart Windows (shutdown -r -f -t 00) now to provide a clean environment before proceeding
- COPS Folder
  Create C:\COPS\ folder on the system
  - [OPTIONAL] Add C:\COPS\ to the installed antivirus’s exclusion list
    Trend Micro
    Windows Security
- Disable Antivirus
  Trend Micro
  Windows Security
- RKill
  - Copy RKill folder from your USB Tool to the COPS folder
    RKill can’t run from a write-blocked drive, so you’ll usually need to copy the executables out first
  - [IMPORTANT] Run any RKill executable as Administrator
  - Wait for RKill to complete, it will then generate a report RKill.txt on the current user’s desktop
  - Move RKill.txt from %USERPROFILE%\Desktop to COPS folder
- Revo Uninstaller
- Disk Cleanup
  - Run cleanmgr /sageset:10
    This will open the Disk Cleanup utility to create settings for Profile 10
  - Click Clean up system files
  - Select all checkboxes except for the following system error options:
    System error memory dump files
    System error minidump files
    You can click on an option, and then use the UP + DOWN Arrows + Space Bar to quickly check or uncheck options
  - Click OK
  - Run cleanmgr /sagerun:10
    This will run the Disk Cleanup utility using Profile 10’s settings
4.1.2 Main
- Connect to Internet
- [OPTIONAL] AdwCleaner
  > AdwCleaner crashes out of UVK’s automation, so run it now instead if you want to use it
- [OPTIONAL] Spybot - Search & Destroy
  > Spybot is a thorough malware removal tool, but it can take a very long time to complete its scans
- [OPTIONAL] Windows Defender Offline Scan
- [OPTIONAL] Create a new System Restore point “COPS - Pre Virus/Malware Removal”
- Ultra Virus Killer (UVK)
  - Install UVK
  - Open UVK
    - Do not disable Hybrid Shutdown if asked when opening UVK
    - Do Update UVK if asked when opening UVK
  - Click System Repair
  - Select the following repair actions: (left menu)
    > (you can click on an option, and then use the UP + DOWN Arrows + Space Bar to quickly check or uncheck options)
    - Pre-Repair Actions
      1. Set technician power settings
      2. Kill all non system processes
      3. Delete all restore points
      4. Create a system restore point
      5. Free physical memory
      6. Backup the registry
      7. Un-immunize all areas
      8. Disable the User Account Control
      9. Enable the legacy (F8) boot menu
      10. Enable Windows Recovery Environment
      11. Prevent rebooting until all is done
    - Third-Party Built-in Apps
      12. Ultra Adware Killer scan
      13. MalwareBytes AntiMalware scan
      14. Super AntiSpyware scan
      15. RogueKiller scan
      16. Kaspersky TDSSKiller scan
      17. Avast! Browser Cleanup
    - Reset Actions
      18. Reset the DNS cache
      19. Reset the Windows Store
      20. Reset all print jobs
    - Fixes for Common Windows Problems
      n/a
    - File System Related Actions
      21. Rebuild icon cache
    - Essential Installs/Updates
      [If Google Chrome is installed:]
      22. Install/Update Chrome
      23. Install uBlock Origin for Chrome
      [If Mozilla Firefox is installed:]
      24. Install/Update Firefox
      25. Install uBlock Origin for Firefox
      26. Install uBlock Origin for Edge
      27. PatchMyPC - Update all apps
    - Privacy Cleanup
      28. Clear all browsers history (all users)
      29. Delete browsers cookies (all users)
    - Maintenance Actions
      30. Empty all users temp folders
      31. Empty browsers cache (all users)
      32. Unattended disk cleanup
    - System Repair and Optimization
      n/a
    - Windows Troubleshooters
      n/a
    - Post-Repair Actions
      33. Restore the previous UAC state
      34. Restore previous immunization
      35. Delete all restore points (post repair)
      36. Create restore point (post repair)
      37. Reset power settings
      38. Uninstall Malwarebytes Antimalware
      39. Uninstall Super AntiSpyware
      40. Uninstall RogueKiller
      41. Uninstall this application
      42. Restore normal boot
  - Select the following loadout settings: (right menu)
    1. Third party full scans
    2. Use unattended mode
  - Click Run selected fixes/apps
4.1.3 Post
- [OPTIONAL] Create a new System Restore point “COPS - Pre Windows Update”
- Update Windows (no preview updates)
- Update Apps via Microsoft Store
- Update Apps via Windows Package Manager (winget)
  winget source update
  winget upgrade --all --silent
  Tip
  You can queue up multiple commands in PowerShell by pressing Shift+Enter to add a new line before pressing Enter to execute all of the queued up commands one after another
- [OPTIONAL] Create a new System Restore point “COPS - Pre Driver Update”
- Update Drivers (SDIO)
- Verify Drivers
  - Turn On Windows Verifier:
    - Run Win+R: verifier
    - Select Create standard settings
    - Click Next
    - Select Automatically select all drivers on this computer
    - Click Finish
    - Restart Windows (shutdown -r -f -t 00)
      Windows Verifier works by stressing out drivers as they’re loaded (it is expected that the computer’s performance will be impacted while verifier is enabled)
      If Windows loads into the desktop OK and does not crash with verifier enabled, then all is good and you can proceed to turn it off
  - Turn Off Windows Verifier:
    - Run Win+R: verifier
    - Select Delete existing settings
    - Click Finish
    - Restart Windows (shutdown -r -f -t 00)
- System Maintenance/Repair
  - Open a Terminal as Administrator
    Run wt or powershell or cmd
  - Run the following commands:
    winget source reset --force
    winget source update
    winget upgrade --all --silent
    sfc /scannow
    dism /online /cleanup-image /startcomponentcleanup /resetbase
    dism /online /cleanup-image /restorehealth
    sfc /scannow
    defrag /c /o
    chkdsk c: /r /scan /perf
    Useful Tip
    You can queue up multiple commands in PowerShell by pressing Shift+Enter to add a new line before pressing Enter to execute all of the queued up commands one after another
- Create a new System Restore point “COPS - Post Virus/Malware Removal”
4.2 Android
4.2.1 Pre
- Remove Intrusive Full-Screen Pop-Ups
  These relentless pop-ups make the device impossible to work with, so deal with these first (if applicable)
  More Info
  These full screen pop-ups/ads aren’t a sign of an injection, but merely a malicious use of the native Android notification system.
  Users don’t intentionally give these apps permission to do this, but it’s often caused by Tapjacking or simply users ignorantly agreeing to permission prompts.
  - Open Play Store
    - Install Ad Virus Cleaner - ROX Security
  - Open Ad Virus Cleaner - ROX Security
    - Tap Scan
    - Wait for the scan to complete
    - Tap on Pop-up Ad Detector
      - Tap on Give Permissions
        This will open a required permissions settings panel
        - Enable ROX Security
        - Tap < (back button)
- Safe Mode
  Reboot the device in Safe-Mode (if available)
- Web Browsers
  Clear Cache + Data for all Web Browsers installed on the device.
  The following steps are for Google Chrome, but other apps are managed the same way
  - Open Settings
    - Tap Apps
      - Tap Chrome
        - Tap Storage
          - Tap Clear cache
          - Tap Clear data
Remove Full-Screen Pop Up Ads (use ‘Ad Virus Cleaner - ROX Security’ or ‘Appwatch’ apps)
Remove any Suspicious or Malicious Apps
4.3 1ST PARTY SCANS
Play Protect Scan
Samsung Device Care Scan (if Samsung Device)
4.4 3RD PARTY SCANS (Pick at least 3)
Malwarebytes
AVG Antivirus
Bitdefender Antivirus
Sophos Intercept X for Mobile
Avira Security Antivirus & VPN
Trend Micro Mobile Security & Antivirus
ESET Mobile Security
4.5 UPDATES
Update Apps - Play Store
Update Apps - Galaxy Store (if Samsung Device)
Update Android OS